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WHAT IS CLAIMED IS: 

1- A network relaying apparatus comprising: 

a plurality of I/O ports connected to network 

terminals ; 

means for storing information relating to a 
connecting state of said network terminal, said information 
indicating correspondence between each of said I/O ports 
and a network address of said network terminal connected to 
each of said I/O ports; 

means for storing user authentication information 
for each of said network addresses; 

packet communicating means for transmitting and 
receiving packets through said I/O ports; 

packet relaying means for determining a destina- 
tion of the packet received from each of said plurality of 
I/O ports by said packet communicating means on a basis of 
the information held by said means for storing the informa- 
tion relating to the connecting state of said network 
terminal and instructing said packet communicating means to 
transmit said received packet; and 

user authenticating means for determining if the 
user authentication information specif ied against said 
network address is correct on a basis of the user authenti- 
cation information stored in said means for storing the 
authentication information, 

wherein said packet relaying means operates to 
learn correspondence between the I/O port for receiving 
said received packet and said source network address on a 



basis of the source network address information contained 
in said received packet, request the user authentication 
information for the source network terminal if the change 
of the content of said means for storing the information 
relating to the connecting state of the network terminal is 
required by said learned result, specify the user authenti- 
cation information transmitted by said source network 
terminal, instruct said user authenticating means to 
execute the user authentication, and change the content of 
said means for storing the information relating to the 
connecting state of said network terminal and relay said 
received packet if the user is authenticated to be correct. 

2 . A network relaying apparatus as claimed in claim 
1, wherein said network relaying device is a LAN switch 
including a virtual LAN . 

3. A network relaying apparatus as claimed in claim 
1, wherein if the user authentication indicates the user is 
not correct for said network address, said packet communi- 
cating means operates to suppress the change of the content 
of said means for storing the information relating to the 
connecting state of said network terminal and discard the 
received packet having caused the change. 

4. A network relaying apparatus as claimed in claim 
1, wherein the user authentication information stored in 
said storing means contains a contact mail address of the 
concerned user, and said user authenticating means operates 
to create a message for indicating that a packet having the 
incorrect user authentication information has been trans- 



mitted to a contact mail address registered in said means 
for storing the user authentication information if the user 
authentication information is determined to be incorrect 
for said network address as a result of said user 
authentication and to instruct said packet communicating 
means to transmit said message. 

5. A network relaying apparatus as claimed in claim 

1, further comprising means for storing a contact mail 
address of an administrator of said network relaying 
device, wherein said user authenticating means operates to 
create a message for indicating that a packet having the 
incorrect user authentication information has been trans- 
mitted to a correct mail address of an administrator of 
said network relaying apparatus if the user authentication 
is determined to be incorrect for said network address as a 
result of said user authentication and to instruct said 
packet communicating means to transmit said message. 
6* A network relaying apparatus as claimed in claim 

1, wherein said network address is an IP address. 

7. A network relaying apparatus as claimed in claim 
1, wherein said network relaying means communicates by 
using a mobile IP. 

8. A communication control method in a communica- 
tions network system having plural network terminals and a 
network relaying device connected through a communication 
path, said network relaying device having a plurality of 
I/O ports connected with said network terminals and means 
for storing information relating to a connecting state of 



said network terminal, said information indicating corre- 
spondence between each of said I/O ports and a network 
address of each of said network terminals connected to said 
I/O ports, comprising the steps of: 

registering user authentication information for 
each network address of each of said network terminals; 

receiving packets transmitted by a first network 
terminal through said I/O port; 

if a source network address contained in said 
received packet does not correspond to said receive I/O 
port stored in said means for storing the information 
relating to a connecting state of said network terminal, 
updating a content of said means for storing a connecting 
state of said network terminal so that said source network 
address may correspond to said receive I/O port; 

determining a destination of said received packet 
based on the information held in said means for storing the 
information relating to a connecting state of said network 
terminal and transmitting said received packet; and 

when updating the content of said means for 
storing the information relating to a connecting state of 
said network terminal, requesting user authentication 
information for said first network terminal, for doing user 
authentication on a basis of the user authentication 
information registered for each network address if said 
source network address does not correspond to said receive 
I/O port stored in said means for storing the information 
relating to a connecting state of said network terminal, 
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and changing the content of said means for storing the 
information relating to a connecting state of said network 
terminal and transmitting said received packet if the 
correct user authentication information is obtained. 

9. A communication control method as claimed in 
claim 8, further comprising the steps of: 

if the correct user authentication information 
cannot be obtained from said first network terminal , 
suppressing a change of the content of said means for 
storing the information relating to a connecting state of 
said network terminal and discarding said received packet. 

10. A communication control method as claimed in 
claim 9, further comprising the step of: 

if the correct user authentication information 
cannot be obtained from said first network terminal, 
suppressing the transfer of the packets at the I/O port 
having received said packet. 

11. A communication control method as claimed in 
claim 8, further comprising the steps of: 

registering said user authentication information 
and a contact mail address of the concerned user for each 
network address; and 

if the correct user authentication information 
cannot be obtained from said first network terminal/ 
transmitting to a contact mail address registered in said 
source network address a message for indicating that a 
packet having incorrect user authentication information has 
been transmitted. 



12. A communication control method as claimed in 
claim 8, further comprising the step of: 

registering a contact mail address of an 
administrator of said network relaying device; and 

if the correct user authentication information 
cannot be obtained from said first network terminal, trans- 
mitting to a contact mail address of the administrator of 
said network relaying apparatus a message for indicating 
that a packet having incorrect user authentication informa- 
tion is transmitted, 

13. A communication control method as claimed in 
claim 8, wherein said network address is an IP address. 

14. A communication control method as claimed in 
claim 13, wherein said network relaying apparatus is a LAN 
switch including a virtual LAN. 

15. A communication control method as claimed in 
claim 14, wherein if the correct user authentication 
information cannot be obtained from said first network 
terminal, a message for indicating transmission of a packet 
having incorrect user authentication information is 
transmitted to all the network terminals of the VLAN whose 
address belongs to the source network address of said 
received packet. 

16. A communication control method as claimed in 
claim 8, further comprising the steps of: 

when determining a destination of said received 
packet, if the correspondence between the destination 
network address of said received packet and the I/O port 



needs the update of the content of said means for storing 
the information relating to a connecting state of said 
network terminal, requesting user authentication informa- 
tion for the network terminal of said destination network 
address for the purpose of doing the user authentication on 
a basis of the user authentication information registered 
at each network address, and updating the content of said 
means for storing the information relating to a connecting 
state of said network terminal and transmitting said 
received packet if no correct user authentication informa- 
tion can be obtained. 

17. A communication control method as claimed in 
claim 8, further comprising the step of: 

requesting the user authentication information 
for each network address held in said means for storing the 
information relating to a connecting state of said network 
terminal, for the purpose of periodically doing the user 
authentication on a basis of the user authentication 
information registered in each network address. 

18. A program for controlling communications in a 
communications network system having a plurality of network 
terminals and a network relaying device through a communi- 
cation path, said network relaying apparatus having a 
plurality of I/O ports connected with said network 
terminals and means for storing information relating to a 
connecting state of said network terminal, said information 
indicating correspondence between each of said I/O ports 
and a network address of each of said network terminals 



connected with said I/O ports, said relaying apparatus 
operating to receive packets transmitted by said network 
terminals through said I/O ports, if a source network 
address contained in said received packet does not 
correspond with said receive I/O port stored in said means 
for storing the information relating to a connecting state 
of said network terminal, update the content of said means 
for storing the information relating to a connecting state 
of said network terminal so as to make the correspondence 
correct, determine a destination of said received packet on 
a basis of the information stored in said means for storing 
the information relating to a connecting state of said 
network terminal, and transmit said received packet, said 
program containing a program code taking the steps of: 

registering user authentication information at 
the network address of each of said network terminals; and 

when updating a content of said means for storing 
the information relating to a connecting state of said 
network terminal, if said source network address does not 
correspond with said receive I/O port stored in said means 
for storing the information relating to a connecting state 
of said network terminal, requesting user authentication 
information for said first network terminal for doing user 
authentication on a basis of the user authentication 
information registered at said network address, and chang- 
ing a content of said means for storing the information 
relating to a connecting state of said network terminal and 
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transmitting said received packet if the correct user 
authentication information can be obtained. 
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